Abstract
Many anonymous applications offer unconditional anonymity to their users. However, this can provoke abusive behavior. Dissatisfied users will drop out, or liability issues may even force the system to suspend or cease its services. Therefore, controlling abuse is as important as protecting the anonymity of legitimate users. However, designing such applications is no sinecure. This paper presents a methodology for designing controlled anonymous environments. The methodology generates a conceptual model that strikes a compromise between privacy requirements and control requirements. The conceptual model makes it possible to derive performance and trust properties and maps easily to control mechanisms.
Copyright information
© 2006 International Federation for Information Processing
About this paper
Cite this paper
Naessens, V., De Decker, B. (2006). A Methodology for Designing Controlled Anonymous Applications. In: Fischer-Hübner, S., Rannenberg, K., Yngström, L., Lindskog, S. (eds) Security and Privacy in Dynamic Environments. SEC 2006. IFIP International Federation for Information Processing, vol 201. Springer, Boston, MA. https://doi.org/10.1007/0-387-33406-8_10
DOI: https://doi.org/10.1007/0-387-33406-8_10
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-33405-9
Online ISBN: 978-0-387-33406-6
eBook Packages: Computer Science (R0)